Nikhilesh De: I just want to give you a chance to really just introduce yourself and talk about what you're doing and why you're here.
Brian Nelson: So, first of all, thank you for having me. And some of you may know, I am the Under Secretary for Terrorism, Financial Intelligence at the Department of the Treasury, which has the responsibility for managing both our Office of Foreign Assets Control, which administers U.S. sanctions, as well as our Financial Crime Enforcement Network that administers the Bank Secrecy Act and all of the AML/CFT [anti-money laundering/combating the financing of terrorism] obligations financial institutions have to comply with that are operating here in the United States. I also have offices that do international policy work, because what we have discovered in this space, both in terms of our sanctions authorities, as well as our AML/CFT authorities, is that we need to do that with partners and in a way that is directionally aligned with setting global standards. And then lastly, we have an office of intelligence analysis, intelligence office that really is the foundation for so much of the work that we're able to do,
I thought I would just take a couple of minutes to level-set a little bit about the work that we're doing in the space that's most relevant to you all and, and give you a sense of where we're going. So I know, across a number of sessions for this year, there's really been a guiding principle focused on innovation and ensuring privacy, while also mitigating those risks. And of course, I'm primarily interested in those risks associated with illicit finance. As I said, one of the reasons why I am here and why we have so much industry engagement is because this work requires that we all have a firm understanding of the threats and risks and vulnerabilities associated with any of these products and services, including, of course, financial services. I'll announce – maybe some of you all have seen it – but today, we published a risk assessment on non-fungible tokens or NFTs. It really identifies that NFT and NFT platforms, while rarely used for terrorists or proliferation financing, are really highly susceptible to the use and fraud and scams, and many of these traditional schemes that involve NFTs which can be of course stolen from victims, and then use to launder proceeds generated from illicit activities. I would just encourage you all to read it if you haven't had a chance to read it yet, and it just dropped a couple of hours ago. It really builds on national risk assessments that we've done in the context of money laundering, proliferation, financing and terrorism financing over the course of this year, and all of these NRAS noted that we are really continuing to observe that digital assets are being abused by those actors that you would expect. So these are North Korean cyber criminals as well as ransomware actors. And they're doing this to generate revenue and launder their illicit proceeds.
We've also identified some newer trends within the digital asset ecosystem, which includes a sharp rise in investment scams. I think you all are familiar with pig butchering. This was something that was relatively new to me, as well, last year, but we're really seeing that is generating quite a bit of losses as well as other investment schemes that have accounted for 75% of internet enabled investment fraud, as of 2023, and those losses totaled over two and a half billion dollars. We've also observed the increased use of stable coins, notably tethers USD T by sanctioned person scammers and terrorist groups. And a key theme across all of that is that bad actors are seeking out those jurisdictions. And those products where there are weak or insufficient AML/CFT, or sanctions, compliance programs, and some virtual assets, service providers are sort of outright failing to meet their compliance obligations. So all of this, I think, emphasizes the importance of our engagement with you and your companies, as well as, from my perspective, how significant a national security risks, some of this activity really poses to the United States. Just a last word, and then want to get to the conversation. You may have seen late last year, we, along with our colleagues at the Department of Justice, and the CFTC, took an enforcement action against Binance, which of course, is the world's largest virtual assets service provider. We did that because of the extraordinary amount of illicit activity we received through Binance. And their failure to meaningfully manage an AML/CFT compliance program, particularly as it related to U.S. persons. And it really reflects our desire to create an environment that incentivizes compliance, and that's through education as well as enforcement, additional regulatory clarity, and all of that, again, really requires that we work collaboratively together. So I'm happy to be here and in that spirit, I've told you a lot about what we're doing. I'm excited to have this conversation and reflect some more on the way ahead. Awesome.
I think the area I want to start with is most recently, you mentioned the report on NFTs. How do you build on that? Can you just speak to you know, what's the next steps? What will you do with this information now that you've put it together? That's a great question. And really, we identified NFTs as a particular source of risk back in 2022, when we released the risk assessment, as it relates to the digital asset ecosystem, broadly and committed that we would take a closer look at this asset class in particular, recognizing that NFTs and MT platforms are hard to define because they have the capacity to do a number of things. And of course, in 2022, the sort of NFT marketplace was going way up, it went down and, it's sort of come back up a little bit over the last number of months. But I think it reflects that absent, you know, sort of whatever the market movements are, we perceive, given the risk of abuse by illicit actors that we need to emphasize doing a number of things, one, creating the shared understanding through our risk assessment, which is really to communicate to stakeholders in industry, but obviously, across our government and with international partners, acknowledge that there's probably work that we need to do to better clarify how our regulatory authorities and AML/CFT compliance relates to NFTs. We need to do more things like this, which is enhanced stakeholder engagement, which we are committed to do. And, you know, sort of I think critically, from what I see is the sort of this jurisdictional arbitrage. So it's the capacity for virtual assets, service providers, you know, other actors within the virtual asset ecosystem to build companies that really don't have that compliance tone from the top technology to manage illicit finance risks. So working with foreign jurisdictions to have a shared understanding of the best way to regulate NFTs internationally, with sort of one clearly understood standard is another way for err that we identified in this report. Gotcha.
One thing that I think was really controversial within crypto circles was the NPRM, the Notice of Proposed Rulemaking, last year on crypto mixers and potentially treating them as areas of primary money laundering concern. Can you speak to the feedback you've received, the risks that you're trying to address and then where you might go from here?
We had a proposed rule that would require financial institutions to report information about transactions with crypto mixers. That comment period has now closed, we received a number of those comments, and we are, of course, working through them in order to promulgate a final rule. So I'll just make a couple of points about our concern about mixers and what I see is the road ahead. I mean, in the first instance, I think, from our perspective, we believe that there is a difference between sort of obfuscation and anonymity enhancing services and those that support privacy. And we, of course, totally recognize that, in the context of public blockchains, which provides information about financial transactions, that there would be a desire to have a certain degree of privacy around those financial transactions. That's obviously a core principle that is reflected in the BSA and protecting financial transaction privacy. And we, in that spirit, in terms of our commitment, and ongoing support for technological innovation, we want to work closely with industry to identify and, and collaborate on tools that can enhance privacy.
But what we see today is that mixers are not designed to provide that privacy, they're designed to offer escape from the origin, movement and destination of these assets. And, of course, in that context, they're extremely attractive to illicit actors. And in this context, we see North Korean cyber criminals and ransomware actors using mixers, to obfuscate the movement of these funds, the destination of these assets. And that creates a significant national security challenge for us. It is something in the context of this NPRM, this proposed rulemaking, we seek to enhance transparency around what is going on with these convertible virtual currency mixing services. But at the end of the day, I would just, you know, I would say this is not a ban on mixers. This is a proposed rule designed to drive additional transparency. And again, as we work through the comments towards the final rule, will, of course, have much more to say about a way to again, manage illicit finance risk in the context of these technologies, and the service providers with a goal to meet the desire for meaningful privacy and the use of some of these technologies.
Right, so can you just maybe just build a little bit upon that, and, you know, in your, you know, you know, just kind of further talks about distinction between privacy and obfuscation? You know, to you, where's the how do you look at this question of balancing those two different, arguably similar issues with this technology?
I think it goes back to a couple of core principles that Treasury has reflected for a long time in its rulemaking. One is, you know, focus on the activity, not necessarily the product, and then based on the activity, making sure that we are building regulatory obligations to meet the risk associated with that type of activity. And certainly, that reflects the really the core of what we do and how we think about our regulations, which is that they need to be risk based and drive risk based behavior. So when you think about, again, these 80s and mixers and you reflect on the fact that they are really both I'm very attracted to elicit actors. But to this is, I think the important point and in terms of like, how do we manage privacy versus anonymity, you have these mixing entities that are not doing meaningful KYC, there's no AML/CFT, there are none of the things that are in place to manage exactly this tension. So it's not that everybody needs to know who you are transacting with. But there has to be a capacity, we think, for a U.S.person to be in a position to FOLLOW U.S.law, and not engage with a sanctioned individual, or a U.S.financial institution to not unwittingly engage in activity that is supporting the building of weapons in North Korea, and the like. So, ultimately, that's the good news is we balanced it, and I think we have sort of the policy framework to balance it. But we recognize that the technology is developing quickly, we recognize that we need to engage closely with industry so that we understand the technology and as we think through potential new regulatory authorities, and, you know, a new definition of financial institution that clearly covers virtual assets, and virtual assets are riders and, and the like that, that we are doing in a way that is informed by what we are learning from, from, frankly, from smart people in this room.
Last year, Treasury requested additional authorities and resources from Congress to specifically talk about or go after and police crypto issues. And I think you even repeated that request in risk assessments over the last couple of months. Could you just speak to you know, how's Congress reacted, what the engagement with them looked like? And do you think you'll get what you're hoping for?
Look, I think we're in a we're in a constant conversation with Congress, I think we've reflected and we've tried to reflect here, some of the key risks that we perceive, one of them being this challenge with the jurisdictions out there that are developing virtual assets and an environment where there's very little or no regulatory infrastructure around managing illicit finance and AML/CFT compliance in line with international standards set by the Financial Action Task Force. So how do we help our U.S. persons andU.S.financial institutions manage that risks and some of the ways that we've reflected that we can do that is by creating authority for Treasury to restrict financial institutions and other U.S.persons from engaging or virtual assets, service providers that are here in the United States from engaging with these other virtual assets, service providers that are operating in jurisdictions that have no meaningful AML/CFT compliance, or we know are behaving in a way that is allowing for a lot of this type of illicit finance that we perceive and are collectively concerned about?
I think the second thing that we've been really focused on is the risks around stable coins. And particularly, as we have seen those become more attractive to terrorists and other bad actors. Is there a way to work with Congress to get in authority so that those stable coins that are U.S. backed are clearly subject to OFAC sanctions authorities? And then, you know, I think overall, you know, it's the work to ensure that virtual asset service providers and other entities that operate in the ecosystem know clearly that based on the activity that they are engaged in, they are required to register with FinCEN as a money services business, or, or are really a financial institution that's subject to all of the AML/CFT obligations that FinCEN administers. Right now. What we have, we often see is virtual asset service providers, big and small, will say well, 'that's not us, we're not subject to your regulatory remit.' So making clear that, no, you don't get to define whether you're you are not based on the product that you that you are developing or you have promulgated, but really it's based on the activity that you're engaged in and regulate statutory definition of financial institutions may be the way to get at that challenge.
You mentioned Binance earlier, and, you know, we have an entire panel tomorrow on just corporate monitorships in crypto companies and their potential continued evolution. Could you speak to the settlement itself, how that came to be. And then I know a corporate monitor has finally been appointed a few weeks ago, here to speak to what that engagement with them will look like in the coming weeks and months.
Just set the stage a little bit on Binance. We, with the Department of Justice CFTC, engaged in the largest enforcement actions that Treasury has ever undertaken, which was settled for $4 billion. But as a sort of a critical piece of that settlement is this monitorship that will last for five years. The reason the monitor ship is so important is because of the violations that we saw Binance engaged with and that included apparent violations of our sanctions programs, which included U.S. persons engaging with sanctioned jurisdictions, Iran, Syria, North Korea, Cuba, Crimea and Ukraine and the like.
We saw that Binance had no meaningful AML/CFT compliance program to speak of and as a result of that, there were over 100,000 suspicious transactions that were not identified by Binance over a period of years. So the monitorship will allow FinCEN to ensure that Binance has a credible and comprehensive AML/CFT compliance program in place, that they have fully incredibly exited the United States that they will engage in a look back of that history of suspicious activity and prove and file and provide information as it relates to those transactions. And one of the, you know, sort of foundational things in addition to the monetary payment, we're really these sort of historically important capacity to ensure for ourselves that Binance is no longer engaged in the type of activity that was so deeply problematic over the last number of years. And certainly to the extent that we identify that Binance continues to engage in those activities that would be subject to very significant additional penalties, to the extent that they breach the agreement.
It feels like we're starting to get to a point where a lot of crypto companies are beginning to accept and understand that maybe they should have compliance departments and worry about these issues earlier in the stage. Do you have any thoughts or advice for them to make sure that they don't end up in a place down the line where they are now facing down [a similar enforcement action]? I think the key is really that sort of tone from the top and compliance really built into the culture of an organization. That's like a day one principle, it can't be, 'we'll get to it once we've scaled some.' I think that's a problem that we often see, we see, you know, sort of the desire to sort of outsource compliance or relegate compliance, a certain part of your business, and that isn't as a successful operating model. I think that that sort of tone from the top is critical. The other thing is really building in the sort of the tools and the technology to manage illicit finance risks, to do AML/CFT, the KYC, the sanctions list screening, from the very beginning, again, don't wait until you've scaled to do those types of things. And the thing that we really need and we really want to see and have for many firms, but for many others we don't see this is really that sort of proactive engagement, proactively engaging us on sort of what You're seeing because you're obviously will be much closer to it.
And that type of proactive engagement can help you better assess your risk and ensures that your compliance program isn't geared towards a risk environment that hasn't, you know, frankly, shifted quite a bit to the right. I think the thing that we really need and find to be so valuable, and I think as really a really a great sort of feedback loop, when it works well is getting those reports of suspicious transactions and suspicious activity that provides really the foundation for the advisories and the alerts and the other communications that FinCEN provides about sort of the risks that we that we are seen. And that's been true, very true in the context of digital assets. And since 2022, I think FinCEN has released 15 of those types of alerts and advisories. So that is critical to what we do and and I and at the end of the day, I think we want to create more avenues and more forums for Frank, productive, open exchanges. FinCEN hosts what's called FinCEN exchanges, which are statutorily mandatory and that provides a confidential format, to have direct conversations between FinCEN law enforcement and companies to talk about sort of the illicit finance risks that we collectively proceed and way to tailor our respective approaches to manage that risk. Awesome.
So we're about to wrap up in a minute, but really quickly, so maybe you could just speak a little bit to kind of sanctions compliance and monitoring with crypto companies , in particular, if there's any challenges you've had with, you know, making sure crypto companies – even the ones that want to work with Treasury – that they have for making sure they're actually able to do so effectively.
I think it's to two things, I would say on the sort of sanctions list side and sort of understanding what can and cannot be done as it relates to OFAC authorities. OFAC has a hotline, it's 24 hours, they'll respond usually for the vast majority within 24 to 48 hours, encourage you to use that hotline and ask your questions of OFAC. And then with FinCEN, you know, to the extent that we are not providing alerts and guidance that is useful to your business, or you don't perceive that please come talk to us. And I know we are happy to facilitate additional opportunities for exchanges that directly related to the types of risks that you're seeing. But we can't do that, if we don't have the type of industry cooperation, which is really in that sort of the two flavors, one the sort of meaningful AML/CFT compliance programs that allow for the identification of specific activity on your platforms or through your service. So I think having that information really allows us to work more effectively and efficiently with this industry and I think will result in the type of hopefully tailored regulatory and statutory approaches that will achieve the goal that we all want, which is to promote and support financial innovation here in the United States. |